Search CVE reports
11 – 20 of 121 results
CVE-2023-5323
Medium priorityCross-site Scripting (XSS) - Generic in GitHub repository dolibarr/dolibarr prior to 18.0.
1 affected packages
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | Not in release | Not in release | Not in release | Ignored | Needs evaluation |
CVE-2023-38888
Medium priorityCross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related...
1 affected packages
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | Not in release | Not in release | Not in release | Ignored | Needs evaluation |
CVE-2023-38887
Medium priorityFile Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming functions.
1 affected packages
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | Not in release | Not in release | Not in release | Ignored | Needs evaluation |
CVE-2023-38886
Medium priorityAn issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script.
1 affected packages
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | Not in release | Not in release | Not in release | Ignored | Needs evaluation |
CVE-2023-33568
Medium priorityAn issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.
1 affected packages
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | Not in release | Not in release | Not in release | Ignored | Needs evaluation |
CVE-2023-30253
Medium priorityDolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data.
1 affected packages
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | Not in release | Not in release | Not in release | — | Needs evaluation |
CVE-2022-4093
Medium prioritySQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent years have been the result of SQL injection...
1 affected packages
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | — | Not in release | Not in release | Not in release | Vulnerable |
CVE-2022-43138
Medium priorityDolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges via a crafted API.
1 affected packages
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | — | Not in release | Not in release | Not in release | Vulnerable |
CVE-2022-40871
Negligible priorityDolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then...
1 affected packages
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | — | Not in release | Not in release | Not in release | Vulnerable |
CVE-2022-2060
Medium priorityCross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.
1 affected packages
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | Not in release | Not in release | Not in release | — | Needs evaluation |